pkgsrc changes:
- Add missing $PKG_SYSCONFDIR/logging directory and config file
- Improve Makefile readability
Changes in 3.2.3:
- Switch access to Maven Central to HTTPS (MNG-5672)
Changes in 3.2.2:
- Support version ranges in parent elements (MNG-2199)
- Requiring multiple profile activation conditions to be true does
not work (MNG-4565)
- Support resolution of Import Scope POMs from Repo that contains
a ${parameter} (MNG-5639)
- Update maven-plugin-plugin:descriptor default binding from
generate-resources phase to process-classes (MNG-5346)
- ${maven.build.timestamp} should use UTC instead of local timezone
(or be configurable) (MNG-5452)
- ${maven.build.timestamp} uses incorrect ISO datetime separator
(MNG-5647)
http://maven.apache.org/docs/3.0.5/release-notes.html
Apache Maven 3.0.5 is a maintenance release to fix a security
issue CVE-2013-0253 Apache Maven 3.0.4
http://maven.apache.org/security.html
CVE-2013-0253 Apache Maven 3.0.4
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has
introduced a non-secure SSL mode by default. This mode
disables all SSL certificate checking, including: host
name verification , date validity, and certificate chain.
Not validating the certificate introduces the possibility
of a man-in-the-middle attack.
All users are recommended to upgrade to Apache Maven 3.0.5
and Apache Maven Wagon 2.4.
Maven is a software project management and comprehension tool.
Based on the concept of a project object model (POM), Maven
can manage a project's build, reporting and documentation from
a central piece of information.
